On Wed, 2017-01-11 at 03:13 +0000, Salz, Rich wrote:
> The needs for OpenSSL's LHASH are exactly what SipHash was designed
> for: fast on short strings.
> OpenSSL's hash currently *does not* call MD5 or SHA1; the MD5 code is
> commented out.
> Yes, performance tests would greatly inform the decision.


Is there really no use of LHASH tables in OpenSSL where an attacker
attempting a DoS attack can control the contents of the tables? If you
are reasonably sure that there is no such occurrence or that the number
of entries an attacker can insert into such a table is severely limited by
other means, then perhaps it really makes no sense to replace the
existing algorithm. But we need to know this first.

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)
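
Added example, not part of the original message and not OpenSSL code: it measures the longest chain in a small hash table when every inserted key is chosen by someone who knows the hash function, first with an unkeyed hash and then with SipHash-2-4 under a secret key. The `toy_hash` function, the table size, the constructed keys and the fixed sample SipHash key are all assumptions made for the illustration; `toy_hash` stands in for any fixed public hash and is not OpenSSL's LHASH function.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITS 10                 /* 2^BITS constructed keys are inserted */
#define NBUCKETS 1024
#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)
typedef uint64_t (*hash_fn)(const uint8_t *, size_t, uint64_t, uint64_t);

/* SipHash-2-4: 128-bit key (k0, k1), 64-bit output, independent of host byte order. */
uint64_t siphash24(const uint8_t *in, size_t len, uint64_t k0, uint64_t k1) {
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL, m = 0;
    for (size_t i = 0; i < len; i++) {
        m |= (uint64_t)in[i] << (8 * (i & 7));      /* little-endian word load */
        if ((i & 7) == 7) { v3 ^= m; SIPROUND; SIPROUND; v0 ^= m; m = 0; }
    }
    m |= (uint64_t)len << 56;                       /* final block carries the length */
    v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}
/* Unkeyed toy hash (h = h*31 + c); the key arguments are ignored. */
uint64_t toy_hash(const uint8_t *in, size_t len, uint64_t k0, uint64_t k1) {
    uint64_t h = 0;
    (void)k0; (void)k1;
    while (len--) h = h * 31 + *in++;
    return h;
}
/* Insert 2^BITS constructed keys, each BITS blocks of "Aa" or "BB" (two blocks
 * with the same toy_hash value), and return the longest bucket chain. */
unsigned longest_chain(hash_fn h, uint64_t k0, uint64_t k1) {
    unsigned count[NBUCKETS] = {0}, worst = 0;
    uint8_t key[2 * BITS];
    for (unsigned n = 0; n < (1u << BITS); n++) {
        for (unsigned j = 0; j < BITS; j++)
            memcpy(key + 2 * j, ((n >> j) & 1) ? "Aa" : "BB", 2);
        unsigned b = (unsigned)(h(key, sizeof(key), k0, k1) % NBUCKETS);
        if (++count[b] > worst) worst = count[b];
    }
    return worst;
}
int main(void) {
    printf("toy hash:    longest chain %u\n", longest_chain(toy_hash, 0, 0));
    printf("SipHash-2-4: longest chain %u\n",      /* fixed sample key, see note */
           longest_chain(siphash24, 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL));
    return 0;
}
```

The fixed key only keeps the run repeatable; the protection depends on the key being drawn at random at startup and kept secret, and it matters only for tables whose keys an untrusted party can choose, which is the question raised above.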
